Working with SAFECode to Help Secure the Software Supply Chain

We have a guest blogger this week: Paul Nicholas, Principal Security Strategist Manager for the Critical Infrastructure Protection group at Microsoft and Chair of SAFECode, is here to talk about supply chain security.


Today’s blog post provides an introduction to another aspect of software assurance. Software assurance is most frequently discussed in the context of processes such as the SDL that make code more secure through the application of secure development practices. However, while there has been growing focus on eliminating software vulnerabilities through secure development practices, these practices assume that all parties involved in the development of the product are honest and want to make their product secure. Unfortunately, this is not always the case. Developers, testers and other people in the software supply chain occasionally have both the capability and the motive to intentionally introduce vulnerabilities, and this type of insider attack can be devastating.

To begin the process of tackling this problem in an effective and commercially reasonable way, the Software Assurance Forum for Excellence in Code (SAFECode) has released The Software Supply Chain Integrity Framework: Defining Risks and Responsibilities for Securing Software in the Global Supply Chain. The framework introduces integrity practices and controls organizations can use to help ensure that supply chain security issues are appropriately mitigated. These practices include:

· Chain of Custody: The confidence that each change and handoff made during the source code’s lifetime is authorized, transparent and verifiable.

· Least Privilege Access: Personnel can access critical data with only the privileges needed to do their jobs.

· Separation of Duties: Personnel cannot unilaterally change data, nor unilaterally control the development process.

· Tamper Resistance and Evidence: Attempts to tamper are obstructed, and when they occur they are evident and reversible.

· Persistent Protection: Critical data is protected in ways that remain effective even if removed from the development location.

· Compliance Management: The success of the protections can be continually and independently confirmed.

· Code Testing and Verification: Methods for code inspection are applied and suspicious code is detected.

I’m looking forward to working with the other members of SAFECode, its international advisory board, and customers from government and the private sector as we identify and refine industry best practices for making the software supply chain more secure. I encourage you to read the Software Supply Chain Integrity Framework and join the dialogue.

About the Author
Paul Nicholas

Senior Director, Trustworthy Computing

Paul Nicholas leads Microsoft’s Global Security Strategy and Diplomacy Team, which focuses on driving strategic change, both within Microsoft and externally, to advance infrastructure security and resiliency. His team addresses global challenges related to risk management, incident response, emergency communications,